
SpringBoot Thymeleaf security authorization


I have a problem with sec:authorize: it's not working. I tried almost everything.

This is example from my project:

    <div sec:authorize="isAuthenticated()">
        <form action="logmeout" th:action="@{/logmeout}" method="post" id="form1"></form>
        <button type="submit" form="form1" value="Submit">Wyloguj</button>
    </div>

    <div sec:authorize="isAnonymous()">
        <form action="logmeout" th:action="@{/logmeout}" method="post" id="form2"></form>
        <button type="submit" form="form2" value="Submit">Zaloguj</button>
    </div>

Sec:authorize is always true and all forms are visible.

My pom file:

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>nz.net.ultraq.thymeleaf</groupId>
            <artifactId>thymeleaf-layout-dialect</artifactId>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity3</artifactId>
            <version>2.1.2.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>com.opencsv</groupId>
            <artifactId>opencsv</artifactId>
            <version>4.4</version>
        </dependency>
    </dependencies>

    <build>
        <finalName>springApp</finalName>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

And SecurityConfig:

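import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Delegating encoder: the algorithm is selected by the {id} prefix of the stored hash.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        String[] staticResources = {
            "/css/**",
            "/img/**",
            "/fonts/**",
            "/scripts/**",
        };

        http
            // Static assets, the home page and registration are public; everything else needs a login.
            .authorizeRequests()
                .antMatchers(staticResources).permitAll()
                .antMatchers("/").permitAll()
                .antMatchers("/register").permitAll()
                .anyRequest().authenticated()
                .and()
            // Custom login form with non-default parameter names.
            .formLogin()
                .loginPage("/loginform").permitAll()
                .loginProcessingUrl("/processlogin").permitAll()
                .usernameParameter("user")
                .passwordParameter("pass")
                .and()
            .logout()
                .logoutUrl("/logmeout")
                .logoutSuccessUrl("/logoutservice")
                .permitAll();
    }

}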

When I try to add:

    <div th:text="${#authentication.name}"></div>

I see the error: Exception evaluating SpringEL expression: "#authentication.name". How can I handle that?


Solution

  • Most of these cases are related to your dependencies and related versions. I am assuming your spring-boot version is 2.1.X, in which case you should be using the following dependency:

    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
    </dependency>
    

    This is also noted in this SO question.
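
A regression test for the symptom in the question, as an added example that is not part of the original post or answer: when no dialect handles the `sec:` prefix, Thymeleaf leaves the `sec:authorize` attributes in the output and renders both blocks, so the test checks the rendered HTML for each kind of user. It assumes Spring Boot 2.1.x with JUnit 4, that the template containing the two blocks is served at "/" (the page does not say which view it is), and uses a hypothetical class name and a constructed test user.

```java
// Added example: assumes Spring Boot 2.1.x (JUnit 4) and that the template
// with the two sec:authorize blocks is rendered at "/" (an assumption).
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.not;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithAnonymousUser;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;

@RunWith(SpringRunner.class)
@SpringBootTest
@AutoConfigureMockMvc
public class SecAuthorizeRenderingTest { // hypothetical class name

    @Autowired
    private MockMvc mockMvc;

    @Test
    @WithAnonymousUser
    public void anonymousUserSeesOnlyLoginButton() throws Exception {
        mockMvc.perform(get("/"))
            .andExpect(status().isOk())
            // A leftover attribute means the sec: dialect never processed the template.
            .andExpect(content().string(not(containsString("sec:authorize"))))
            .andExpect(content().string(containsString("Zaloguj")))
            .andExpect(content().string(not(containsString("Wyloguj"))));
    }

    @Test
    @WithMockUser(username = "alice") // constructed test user
    public void authenticatedUserSeesOnlyLogoutButton() throws Exception {
        mockMvc.perform(get("/"))
            .andExpect(status().isOk())
            .andExpect(content().string(not(containsString("sec:authorize"))))
            .andExpect(content().string(containsString("Wyloguj")))
            .andExpect(content().string(not(containsString("Zaloguj"))));
    }
}
```

`@SpringBootTest` loads the full application context, so the datasource behind the JPA/MySQL dependencies must be reachable or replaced in a test profile.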